[Declined]rule(list network_tool_binaries): Add some network tools to detect suspicious network activity

[rung]

Signed-off-by: Hiroki Suezawa suezawa@gmail.com

What type of PR is this?
/kind rule-update

Any specific area of the project related to this PR?
/area rules

What this PR does / why we need it:

What this PR does

• Add network tool binaries to detect suspicious network process.

Why we need it

• I added some common tools which attackers often use.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

rule(list network_tool_binaries): Add some network tools to detect suspicious network activity.

[poiana]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: mstemm

If they are not already assigned, you can assign the PR to them by writing /assign @mstemm in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• rules/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[rung]

(I closed this PR by mistake, so I reopened it)

[leodido]

/cc @Kaizhe

/cc @leodido

[leodido]

/cc @Kaizhe

/cc @leodido

[Kaizhe]

ssh might be false positive prone as the list is also used in the rule Launch Suspicious Network Tool on Host.

[rung]

@Kaizhe Thank you.
and very sorry 🙇. Because I re-forked this repo, I Couldn't push new commit to this PR.
So I recreated new PR.
#975